[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 03/10] xen/arm: ffa: fix version negotiation


  • To: Julien Grall <julien@xxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Thu, 26 Sep 2024 06:50:48 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=arm.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dkim=[1,1,header.d=arm.com] dmarc=[1,1,header.from=arm.com])
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9xYjM7xIQ1mw/ygfcAArXW+0gqxAt4PSBJSRqNG4Ma0=; b=t1ht5zoqNf02a+Z4te6ZzQoO2IRJuHbQwjsatTNV0/UTfqMxN0HbDYYaMXVnZ6vmchtiFNy4Au8vLBXMlXaD8tuwPuLIIUfjqe/3TIEfVZYbCUSjYVPZveuX12oYG/FTW7LxpLsDmJ5FlAae5LlUFOXP4S01dmwReqEM1kWfiYK6cJdgUf9cMCRFOpWqtk/MQ868za8Ii6jx73cdsYcqU2xQQZOmLI2CDlazsO/JUT5wDjjeSPWik7cu6oHvmmcLBuJH8DQzWLRe0dqyB+JNwlu7yG8OrtEh04k248mqoiu05VoHFrjCUAHNeSlmymUeLrP4zSajYuciULTafT+Izw==
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9xYjM7xIQ1mw/ygfcAArXW+0gqxAt4PSBJSRqNG4Ma0=; b=WZz9HmJAVXa2OqC9GAJHLNqyjLRyCQyIrbpQidT6K8k6wkw+j/7Gp6euoOSjXaTHOckbYG2UVZeZbx5jB0DtFanMU0bb5phRRtLO/42x1O45F2xdjATymh/KY2GJ2YgGc29Nw6aiZMDT4E04ieA5Ad2lJQqSHf6xjWfR79nlOD9lu4/VBcpuLqJQSF+T5POZnm1BZ3aLIywfR5zEqFyTibqpqcsv9RsAuj/HhanQ66zkM6jvHC/gRPc4XFFCWtDQ2IyiYZUbexFSwYBuD3QTOruaneuTBhT/fqj2CDFUfpZHmEz1hptPdz3+YNtx2WBn7IvTZgaK3U1brO/+ztpqRQ==
  • Arc-seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass; b=W0exkQqOM/skEsgVnDHOVSOm9NJPCrRUHKZHQLy2HMRbsCHy1G4lbpy7NmRSz2SOzNU5wbHCMV70skiqV2xwBUGP9cWm434+ylqcT/ZSK0RNrLu3OHAfc/diEqxnfUs1XEhD50hI1aaM9DdoPsjRdARWGDfaseH1y1wIebaDVv1iWTLKSedJS2ynN6Wc2md6VXxVxKugdhu/bFIkZdF2NmRCqkFLmJvRRMo32+v3RHTPClSpd9PBvTC+j5uheYdpuzXBGXLfrDYIhYHoUZhI3d1zetQgc1si0PwK/cAZdZBDaGnSjf2Bm44WBAyGSzWT5mQtLIOWVdruHRMOZFBXgw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xGjY7+NNNyiz9JW94kMnIDXdaaMSS0v4VyUx4VdQnaNmqMp4D2M3XjLsDdJhC1hYadtskqevG/9FoxjZunMRjmuwfrbE6tQ/aOM1NVcsLuhMbiIu5l6sJ553xb8wG8PWRMgnpLBEv0g4rKnIXEu9P0UbGZ9EH5DYa9jsBq2911y45g+8lSXyPFAci7sBEnFV3nX+5OGZUyQqJTEY/JzQJDspLbPzoN+5wtloNMMEfTtg78KYVzJrciTlbbl4dS6bxp8w/lws8RrFELLuq6CtcbdwdXIaJBJZFpfWA5PcIW76RQjVx53Yu8LzOet7iIjoGFVjGBGEoMKbt+0dWL56bw==
  • Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>
  • Delivery-date: Thu, 26 Sep 2024 06:51:15 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHbCo5DR6ro4Z09O0aiPTgUk1dK17Jjv8yAgALhMQCAAh6EAIAA7CwA
  • Thread-topic: [PATCH 03/10] xen/arm: ffa: fix version negotiation

Hi Julien,

> On 25 Sep 2024, at 18:45, Julien Grall <julien@xxxxxxx> wrote:
> 
> 
> 
> On 24/09/2024 09:23, Bertrand Marquis wrote:
>> Hi Julien,
> 
> Hi Bertrand,
> 
> 
>>> On 22 Sep 2024, at 14:25, Julien Grall <julien@xxxxxxx> wrote:
>>> 
>>> Hi Bertrand,
>>> 
>>> NIT Typo: s/fix/Fix/ to match the other title
>> Ack
>>> 
>>> On 19/09/2024 14:19, Bertrand Marquis wrote:
>>>> Fix FFA version negotiation with the firmware to follow the
>>>> specification guidance more closely.
>>> 
>>> To confirm, below is based on 13.2.1 in DEN0077A, is that correct? If so, 
>>> can you add a link in the commit message (and maybe code).
>> Yes it and i will add a link and description to the commit message.
>>> 
>>>> When the firmware returns OK we can have several cases:
>>>> - the version requested is accepted but the firmware supports a greater
>>>>   one in the same major.
>>>> - the firmware supports a greater major version. It could still return
>>>>   OK even if the version requested is not accepted. Reject it.
>>>> - the firmware supports a lower version. It will return OK and give that
>>>>   version. Check if we support it and use it or reject it if we do not.
>>>> Adapt the code to:
>>>> - reject any version lower than the one we support or not with the same
>>>>   major version
>>>> - use the version returned if in our supported range (currently 1.1
>>>>   only)
>>>> - use 1.1 if the version returned is greater.
>>>> Also adapt the handling of version requests from VM:
>>>> - return an error for a different major
>>>> - return 1.1 for a version >= 1.1
>>>> - return 1.0 if 1.0 was requested
>>>> Signed-off-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>
>>>> ---
>>>>  xen/arch/arm/tee/ffa.c | 38 ++++++++++++++++++++++++++++++--------
>>>>  1 file changed, 30 insertions(+), 8 deletions(-)
>>>> diff --git a/xen/arch/arm/tee/ffa.c b/xen/arch/arm/tee/ffa.c
>>>> index 7ff2529b2055..1f602f25d097 100644
>>>> --- a/xen/arch/arm/tee/ffa.c
>>>> +++ b/xen/arch/arm/tee/ffa.c
>>>> @@ -141,13 +141,24 @@ static void handle_version(struct cpu_user_regs 
>>>> *regs)
>>>>      struct ffa_ctx *ctx = d->arch.tee;
>>>>      uint32_t vers = get_user_reg(regs, 1);
>>>>  -    if ( vers < FFA_VERSION_1_1 )
>>>> -        vers = FFA_VERSION_1_0;
>>>> -    else
>>>> -        vers = FFA_VERSION_1_1;
>>>> +    /**
>>> 
>>> Coding style: We are use a single '*' to start comment.
>> Ack
>>> 
>>>> +     * As of now we only support 1.0 or 1.1.
>>>> +     * For any 1.x >= 1.1 return OK with 1.1
>>>> +     * For 1.0 return OK with 1.0
>>>> +     * For anything else return an error.
>>>> +     */
>>>> +    if ( (vers >> FFA_VERSION_MAJOR_SHIFT) == FFA_MY_VERSION_MAJOR )
>>>> +    {> +        if ( vers < FFA_VERSION_1_1 )
>>>> +            vers = FFA_VERSION_1_0;
>>>> +        else
>>>> +            vers = FFA_VERSION_1_1;
>>> 
>>> I feel the logic is fragile. The first ``if`` is generic and I think it 
>>> would be easy to update the major version without updating 
>>> handle_version(). To some extend, the same problem would happen with the 
>>> minor version.
>> so something like:
>> if (MAJOR(vers) == MY_MAJOR)
>> {
>>    if (MINOR(vers) < MY_MIN || MINOR(vers)>MY_MIN)
>> vers = MY_VERSION
>>    else
>>         keep requested version
>> }
>>> 
>>> AFAICT, this is not a new issue, but as you touch the code, we should 
>>> probably harden it. I could settle with a BUILD_BUG_ON() to catch any 
>>> change of the minor/major.
>> i could see a BUILD_BUG_ON(MAJOR(MIN_VERSION) != MAJOR(MAX_VERSION))
>> Is that what you have in mind ?
> 
> I had in mind to check specifically that FFA_MY_VERSION_{MAJOR, MINOR} were 
> both 1. But I think your proposal is better.

Ok.

> 
>>> 
>>>>  -    ctx->guest_vers = vers;
>>>> -    ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
>>>> +        ctx->guest_vers = vers;
>>>> +        ffa_set_regs(regs, vers, 0, 0, 0, 0, 0, 0, 0);
>>>> +    }
>>>> +    else
>>>> +        ffa_set_regs_error(regs, FFA_RET_NOT_SUPPORTED);
>>>>  }
>>>>    static void handle_msg_send_direct_req(struct cpu_user_regs *regs, 
>>>> uint32_t fid)
>>>> @@ -530,7 +541,8 @@ static bool ffa_probe(void)
>>>>          goto err_no_fw;
>>>>      }
>>>>  -    if ( vers < FFA_MIN_SPMC_VERSION || vers > FFA_MY_VERSION )
>>>> +    if ( vers < FFA_MIN_SPMC_VERSION ||
>>>> +              (vers >> FFA_VERSION_MAJOR_SHIFT) != FFA_MY_VERSION_MAJOR )
>>> 
>>> Coding style: the second line should be aligned with 'vers' rather than 
>>> indented.
>> Ack
>>> 
>>>>      {
>>>>          printk(XENLOG_ERR "ffa: Incompatible version %#x found\n", vers);
>>>>          goto err_no_fw;
>>>> @@ -542,7 +554,17 @@ static bool ffa_probe(void)
>>>>      printk(XENLOG_INFO "ARM FF-A Firmware version %u.%u\n",
>>>>             major_vers, minor_vers);
>>>>  -    ffa_fw_version = vers;
>>>> +    /**
>>> 
>>> Coding style: We start comment with /*.
>> Ack
>>> 
>>>> +     * If the call succeed and the version returned is higher or equal to
>>>> +     * the one Xen requested, the version requested by Xen will be the one
>>>> +     * used. If the version returned is lower but compatible with Xen, Xen
>>>> +     * will use that version instead.
>>>> +     * A version with a different major is rejected before.
>>>> +     */
>>>> +    if ( vers > FFA_MY_VERSION )
>>>> +        ffa_fw_version = FFA_MY_VERSION;
>>>> +    else
>>>> +        ffa_fw_version = vers;
>>> 
>>> Looking at the code after your series (didn't check before). We don't seem 
>>> to use ffa_fw_version for other than checking that FFA was detected. So 
>>> wouldn't it be better to stop storing the version?
>> We are only supporting a firmware version with 1.1 at the moment but when we 
>> will add support for FFA version 1.2 in the next weeks this will not be true 
>> anymore so if this is ok with you i would rather keep it.
> 
> I am fine to keep ffa_fw_version as-is given there is a future use.

Good thanks.

Cheers
Bertrand

> 
> Cheers,
> 
> -- 
> Julien Grall





 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.